On Wed, Mar 11, 2015 at 1:32 PM, Greg Stark <stark@mit.edu> wrote:
> I think what we have here is already a good semantic representation. It
> doesn't handle all the corner cases but those corner cases are a) very
> unlikely and b) easy to check for. A tool can check for any users starting
> with + or named "all" or any databases called "sameuser" or "samerole". If
> they exist then the view isn't good enough to reconstruct the raw file. But
> they're very unlikely to exist, I've never heard of anyone with such things
> and can't imagine why someone would make them.
-1. Like Peter, I think this is a bad plan. Somebody looking at the
view should be able to understand with 100% confidence, and without
additional parsing, what the semantics of the pg_hba.conf file are.
Saying "those cases are unlikely so we're not going to handle them" is
really selling ourselves short.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
